domain.py patch

Daniele Dario d.dario76 at gmail.com
Thu Apr 19 04:25:07 MDT 2012


Hi Andrew,

On Thu, 2012-04-19 at 14:40 +1000, Andrew Bartlett wrote:
> On Mon, 2012-04-16 at 09:12 +0200, Daniele Dario wrote:
> > Hi samba list,
> > trying to demote my secondary DC, I've found a little typo in the demote
> > function inside domain.py:
> > if the DC is the owner of some FSMO rules, the function should tell the
> > number of rules which DC owns.
> > 
> > I've added the number as in following diff:
> > 
> > 251c251
> > <             raise CommandError("Current DC is still the owner of %d
> > role(s), use the role command to transfer roles to another DC" %
> > len(res))
> > ---
> > >             raise CommandError("Current DC is still the owner of %d
> > role(s), use the role command to transfer roles to another DC")
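
Review bot: The two sides of this diff look swapped: the `<` (old) line already has `% len(res)` and the `>` (new) line lacks it, which is the opposite of the fix described above it. Run diff with the original file as the first argument so that the `>` line is the one that gains `% len(res)`.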
> > 
> > Wouldn't it be better to show also which roles we have to transfer before
> > demote? I'm thinking something like
> > 
> >         res = samdb.search(expression="(fSMORoleOwner=%s)" % str(ntds_dn),
> >                             controls=["search_options:1:2"])
> > 
> >         if len(res) != 0:
> >             for foundOwnedRole in res:
> >                 print foundOwnedRole['fSMORoleOwner'][0]
> >             raise CommandError("Current DC is still the owner of %d role(s), use the role command to transfer roles to another DC" % len(res))
> > 
> > but I don't know which is the right syntax to use to show the role like
> > CN=NTDS
> > Settings,CN=MYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
> > 
> > Best regards,
> > Daniele.
> 
> This snippet will get your own NTDS Setting DN:
> 
> +        res = samdb.search("",
> +                                scope=ldb.SCOPE_BASE,
> attrs=["dsServiceName"])
> +        assert len(res) == 1
> +        serviceName = res[0]["dsServiceName"][0]
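
Review bot: `assert len(res) == 1` will reach the samba-tool user as a bare AssertionError, and is skipped entirely under `python -O`, if the base-scope search on the empty DN does not return exactly one record. Raising CommandError with a short message, as the demote check in this thread does, would fit better. `serviceName` is also assigned but not used in the lines shown.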
> 
> If you could return your patch in diff -u format (or better still, as a
> git commit, and git format-patch -1) I'll be very glad to get some
> improvements here into the tree.
> 
> Thanks!
> 
> Andrew Bartlett
> 

I tried to use the git commit (hope it worked well).
Anyway, this is the diff -u:

--- domain.py	2012-04-19 12:08:56.950767521 +0200
+++ /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py
2012-04-19 12:08:31.791169616 +0200
@@ -249,7 +249,7 @@
                             controls=["search_options:1:2"])
 
         if len(res) != 0:
-            raise CommandError("Current DC is still the owner of %d
role(s), use the role command to transfer roles to another DC" %
len(res))
+            raise CommandError("Current DC is still the owner of %d
role(s), use the role command to transfer roles to another DC")
 
         print "Using %s as partner server for the demotion" % server
         (drsuapiBind, drsuapi_handle, supportedExtensions) =
drsuapi_connect(server, lp, creds)
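
Review bot: The `-`/`+` lines are the wrong way round: the `-` line carries `% len(res)` and the `+` line drops it, so applying this as posted would take the argument away and CommandError would print a literal `%d`. Regenerate with the unmodified file first (`diff -u original modified`). The long lines have also been wrapped by the mailer (the string literal, the `+++` timestamp and the `drsuapi_connect` context line), so attaching the `git format-patch -1` output would keep the patch applicable.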

I don't understand what you told me about the snippet to get server's
owned NTDS settings.
I've tried to get them using ldbsearch:

[root at kdc01:/usr/local/samba/private]# ldbsearch -H sam.ldb --scope=base
"dsServiceName"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: DC=saitelitalia,DC=local

# returned 1 records
# 1 entries
# 0 referrals

Can you clarify it?

Thanks,
Daniele.
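
Added example, not part of the original message or of Samba's code: in a search filtered on `fSMORoleOwner`, that attribute holds the same NTDS Settings DN in every result, so it is each result's own DN that identifies the role. The sketch below (Python 3, plain strings instead of `ldb` results) maps those DNs to role names and builds the error text. `role_name` and `demote_blocker_message` are hypothetical names, the DNs are constructed, and a single-domain forest is assumed.

```python
# Added example: names and sample DNs are illustrative, not from Samba.

def _rdns(dn):
    """Split a DN into lower-cased RDNs (the well-known DNs have no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def role_name(holder_dn, domain_dn):
    """Map the DN of an object that carries fSMORoleOwner to its FSMO role."""
    domain = _rdns(domain_dn)
    # Assumption: single-domain forest, so Configuration sits under the domain DN.
    config = ["cn=configuration"] + domain
    well_known = {
        tuple(["cn=schema"] + config): "schema master",
        tuple(["cn=partitions"] + config): "domain naming master",
        tuple(domain): "PDC emulator",
        tuple(["cn=rid manager$", "cn=system"] + domain): "RID master",
        tuple(["cn=infrastructure"] + domain): "infrastructure master",
    }
    return well_known.get(tuple(_rdns(holder_dn)), "unknown role")


def demote_blocker_message(holder_dns, domain_dn):
    """Return None when no role is owned, else the error text naming each role."""
    if not holder_dns:
        return None
    lines = ["Current DC is still the owner of %d role(s), use the role "
             "command to transfer roles to another DC:" % len(holder_dns)]
    for dn in holder_dns:
        lines.append("  %s (%s)" % (role_name(dn, domain_dn), dn))
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: DNs of the search results (res[i].dn in samba-tool).
    domain = "DC=mydomain,DC=local"
    owned = [
        "CN=RID Manager$,CN=System,DC=mydomain,DC=local",
        "CN=Infrastructure,DC=mydomain,DC=local",
    ]
    print(demote_blocker_message(owned, domain))
```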


